What are the best DNS Servers for privacy use?

Started by opnsenseuser, November 12, 2018, 01:41:36 PM

There is 1.1.1.1 and 9.9.9.9 but are there any other Servers?
I read on the internet that opendns is not recommended because they are related to hijacking nxdomain records and serving up their ad page?

Does anyone know a safe and fast DNS server?

Thx,
Regards
Rene
Supermicro A2SDi-4C-HLN4F
Team Rebellion Member (sidebar / themes: tukan, cicada & vicuna)


I have tried to check the link but apparently the website is down.


This morning I tried from my connection and VPN and it was down. I confirm it is back online now.

November 13, 2018, 04:43:56 AM #5 Last Edit: November 13, 2018, 03:01:14 PM by noname12123
Quote from: mimugmail on November 12, 2018, 01:48:56 PM
https://dnscrypt.info/public-servers/

Some of them probably support plain DNS. The dnscrypt plugin will come in a few weeks ..
Thx for your help.

Two questions:

1. how can i find out if my provider blocks my dns Servers? see https://www.dnsleaktest.com/what-is-transparent-dns-proxy.html

2. Does opnsense offer the possibility to do something about this?

3. how can i find out which dns Server of my list my Firewall currently uses?
Can i use nslookup on the Firewall?


Regards rene

Quote from: mimugmail on November 12, 2018, 07:49:10 PM
Hm, works for me

ok, i found out that my provider uses a transparent dns proxy!
So my provider can log every visited website from me.

Can I do anything with opnsense here?

regards rené

Hi René

Quote from: noname12123 on November 13, 2018, 03:04:43 PM
Can I do anything with opnsense here?

You currently have two options:

1. Find a better provider  ;)
2. Sign up with a VPN and run all your outbound traffic through them

Once the dnscrypt plugin is added to OPNsense, this will no longer be a problem.

Bart...

Quote from: bartjsmit on November 13, 2018, 03:51:07 PM
Hi René

Quote from: noname12123 on November 13, 2018, 03:04:43 PM
Can I do anything with opnsense here?

You currently have two options:

1. Find a better provider  ;)
2. Sign up with a VPN and run all your outbound traffic through them

Once the dnscrypt plugin is added to OPNsense, this will no longer be a problem.

Bart...

thx for your help!

1. so if dnscrypt plugin is added i don't need to use vpn ?
2. this works synonymous with squid or is that in no connection ?

regards
rené

Hi René,

Yes, DNS will flow securely through dnscrypt which will foil any attempt to transparently proxy the traffic, since that will be seen as a MITM attack. The two benefits of secure protocols are encryption and verification of endpoints.

Squid services a different protocol although it is susceptible to transparent proxies as well; your ISP can transparently inspect and proxy any HTTP traffic, but HTTPS traffic is protected.

Bart...

Quote from: bartjsmit on November 13, 2018, 09:39:24 PM
Hi René,

Yes, DNS will flow securely through dnscrypt which will foil any attempt to transparently proxy the traffic, since that will be seen as a MITM attack. The two benefits of secure protocols are encryption and verification of endpoints.

Squid services a different protocol although it is susceptible to transparent proxies as well; your ISP can transparently inspect and proxy any HTTP traffic, but HTTPS traffic is protected.

Bart...

Thx for your Information. :-)

In which opnsense release will the new plugin appear?


Quote from: mimugmail on November 14, 2018, 06:32:08 AM
It's under review, just watch the open PRs

Hope to See this Plugin soon!

November 20, 2018, 11:08:13 AM #13 Last Edit: November 20, 2018, 11:11:30 AM by noname12123
Quote from: mimugmail on November 14, 2018, 06:32:08 AM
It's under review, just watch the open PRs

https://github.com/opnsense/plugins/pull/965 "merged" ! great work! :-)


Is there also a howto with which I could solve the problem I described?


I mean this -> "my provider uses a transparent dns proxy!" -> how can I solve this using this plugin, so that my provider can't read the sites I visited?

regards rené

With 18.7.8 you'll have a devel pkg to install, then you forward unbound to dnscrypt-proxy like here:
https://www.routerperformance.net/opnsense/dnsbl-via-bind-plugin/

Then your DNS is forwarded via port 853 so it won't be intercepted ...
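
An added example, not code from the thread or from OPNsense: one way to check for the transparent DNS proxy asked about above is to send a plain DNS query to an address where no resolver exists and see whether something answers anyway. The sinkhole address (192.0.2.1, reserved for documentation), the test name `example.com` and all function names are assumptions of this sketch.

```python
import secrets
import socket
import struct

SINKHOLE = "192.0.2.1"   # TEST-NET-1 (RFC 5737): unrouted, nothing real answers here
RESOLVER = "9.9.9.9"     # a public resolver named in the thread

def build_query(name, qtype=1):
    """Return (txid, packet) for a recursive DNS query; qtype 1 = A record."""
    txid = secrets.randbits(16)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return txid, header + qname + struct.pack("!HH", qtype, 1)  # class IN

def is_reply(data, txid):
    """True if data is a DNS response (QR bit set) matching our transaction id."""
    return len(data) >= 12 and struct.unpack("!H", data[:2])[0] == txid and bool(data[2] & 0x80)

def probe(server, name="example.com", timeout=3.0):
    """Send one UDP query to server:53 and report whether a matching reply arrives."""
    txid, packet = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(packet, (server, 53))
            data, _ = sock.recvfrom(512)
        except OSError:          # timeout, unreachable network, blocked port
            return False
    return is_reply(data, txid)

def classify(sinkhole_answered, resolver_answered):
    """Interpret the two probe results."""
    if sinkhole_answered:
        return "intercepted"     # something on the path answers port 53 for any destination
    if resolver_answered:
        return "no interception seen"   # not proof: a proxy may only hijack known resolvers
    return "port 53 blocked or offline"

if __name__ == "__main__":
    print(classify(probe(SINKHOLE), probe(RESOLVER)))
```

Run it once from a LAN client and once from the firewall shell; a result of "intercepted" means plain port 53 traffic is being answered on the path regardless of the configured server.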